Windows Updates and Firewall/Port/Site question

  • Question

  • Hi, I have a new router/firewall and a few Servers/PCs behind it. I need to lock down outbound Internet traffic. To allow the PCs to perform automatic Windows updates, do all I need to do is open the firewall's port 80 for sites update.microsoft.com and www.windowsupdate.com...?

    Thanks,


    Tom Karpowski...

    Tuesday, October 6, 2015 8:28 PM

All replies

  • Hi,

    When there is a firewall between the Windows Update agent and the Internet, the firewall might need to be configured to allow communication for the HTTP and HTTPS ports used for Windows Update. Windows Update agent uses port 80 for HTTP and port 443 for HTTPS to obtain updates.
    If your organization does not allow the ports and protocols to be open to all addresses, you can restrict access to the following sites:

    • http://windowsupdate.microsoft.com
    • http://*.windowsupdate.microsoft.com
    • https://*.windowsupdate.microsoft.com
    • http://*.update.microsoft.com
    • https://*.update.microsoft.com
    • http://*.windowsupdate.com
    • http://download.windowsupdate.com
    • http://download.microsoft.com
    • http://*.download.windowsupdate.com
    • http://wustat.windows.com
    • http://ntservicepack.microsoft.com
    • https://*.ws.microsoft.com
    • http://*.ws.microsoft.com

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Steven_Lee0510 Tuesday, October 20, 2015 3:35 PM
    • Marked as answer by Steven_Lee0510 Tuesday, October 20, 2015 11:26 PM
    Wednesday, October 7, 2015 7:07 AM
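
As an added example (not part of the original thread and not Microsoft code), one way to turn the URL list from the answer above into per-port host rules and check which outbound requests it covers. It assumes `*.` matches subdomains only and not the bare domain, which varies between firewalls; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Allow list copied from the answer above, two patterns per line.
ALLOWED_URLS = """
http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com http://*.update.microsoft.com
https://*.update.microsoft.com http://*.windowsupdate.com
http://download.windowsupdate.com http://download.microsoft.com
http://*.download.windowsupdate.com http://wustat.windows.com
http://ntservicepack.microsoft.com https://*.ws.microsoft.com
http://*.ws.microsoft.com
""".split()
PORTS = {"http": 80, "https": 443}


def build_rules(urls=ALLOWED_URLS):
    """Turn each URL pattern into a (tcp_port, host_pattern) rule."""
    pairs = (u.partition("://") for u in urls)
    return {(PORTS[scheme], host.lower()) for scheme, _, host in pairs}


def host_matches(pattern, host):
    """Assumed semantics: '*.' covers subdomains, never the bare domain."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern


def is_allowed(url, rules=None):
    """True if an outbound request to url is covered by the allow list."""
    rules = build_rules() if rules is None else rules
    parts = urlsplit(url)
    port = parts.port or PORTS.get(parts.scheme)
    host = parts.hostname or ""
    return any(p == port and host_matches(pat, host) for p, pat in rules)


# Constructed sample requests, not taken from real logs.
SAMPLES = ["http://www.windowsupdate.com/", "https://download.microsoft.com/",
           "http://update.microsoft.com/", "http://windowsupdate.com.example.net/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print("ALLOW" if is_allowed(url) else "DENY ", url)
```

Under these assumptions only the first sample is allowed: `download.microsoft.com` is listed for HTTP only, the bare `update.microsoft.com` is not covered by `*.update.microsoft.com`, and a look-alike host that merely contains `windowsupdate.com` is rejected.
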
  • Hi,

    I understand the port 80 and 443.

    To confirm, I need to keep the above sites open for PCs to get Windows updates...?

    Thanks,


    Tom Karpowski...

    Wednesday, October 7, 2015 2:03 PM
  • Hi,

    >>To confirm, I need to keep the above sites open for PCs to get Windows updates...?

    Yes.

    Best Regards.


    Steven Lee

    Tuesday, October 20, 2015 3:35 PM